diff --git a/api/chalicelib/core/integration_github.py b/api/chalicelib/core/integration_github.py
index b300aa7f7..0be412122 100644
--- a/api/chalicelib/core/integration_github.py
+++ b/api/chalicelib/core/integration_github.py
@@ -24,8 +24,7 @@ class GitHubIntegration(integration_base.BaseIntegration):
 integration = self.get()
 if integration is None:
 return None
- token = "*" * (len(integration["token"]) - 4) + integration["token"][-4:]
- return {"token": token, "provider": self.provider.lower()}
+ return {"token": helper.obfuscate(text=integration["token"]), "provider": self.provider.lower()}
 
 def update(self, changes, obfuscate=False):
 with pg_client.PostgresClient() as cur:
@@ -40,12 +39,14 @@ class GitHubIntegration(integration_base.BaseIntegration):
 **changes})
 )
 w = helper.dict_to_camel_case(cur.fetchone())
+ if w and w.get("token") and obfuscate:
+ w["token"] = helper.obfuscate(w["token"])
 return w
 
 def _add(self, data):
 pass
 
- def add(self, token):
+ def add(self, token, obfuscate=False):
 with pg_client.PostgresClient() as cur:
 cur.execute(
 cur.mogrify("""\
@@ -56,6 +57,8 @@ class GitHubIntegration(integration_base.BaseIntegration):
 "token": token})
 )
 w = helper.dict_to_camel_case(cur.fetchone())
+ if w and w.get("token") and obfuscate:
+ w["token"] = helper.obfuscate(w["token"])
 return w
 
 # TODO: make a revoke token call
@@ -81,4 +84,4 @@ class GitHubIntegration(integration_base.BaseIntegration):
 obfuscate=True
 )
 else:
- return self.add(token=data["token"])
+ return self.add(token=data["token"], obfuscate=True)
diff --git a/api/chalicelib/utils/helper.py b/api/chalicelib/utils/helper.py
index 458691f0c..85e34ec80 100644
--- a/api/chalicelib/utils/helper.py
+++ b/api/chalicelib/utils/helper.py
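Review bot: Masking in `update` and `add` of integration_github.py (hunks `@@ -40,12 +39,14 @@` and `@@ -56,6 +57,8 @@`) is opt-in, because `obfuscate` defaults to `False`; a caller that omits the argument still receives the stored GitHub token in clear and could pass it on into a response or a log. Only the call site in the last hunk is visibly switched to `obfuscate=True`; other callers lie outside this diff and should be checked. At minimum document the contract on both methods, for example `# Returns the raw token unless obfuscate=True; do not return the unmasked row to a client`, or consider masking by default and letting the internal callers that need the raw value opt out. The same two-line masking block is repeated in both methods, whose bodies start outside these hunks.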
@@ -312,3 +312,9 @@ def get_domain():
 if not _url.startswith("http"):
 _url = "http://" + _url
 return '.'.join(urlparse(_url).netloc.split(".")[-2:])
+
+
+def obfuscate(text, keep_last: int = 4):
+ if text is None or not isinstance(text, str):
+ return text
+ return "*" * (len(text) - keep_last) + text[-keep_last:]
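Review bot: `obfuscate` in helper.py returns the secret unmasked for short inputs and for `keep_last=0`. When `len(text) <= keep_last` the star count is zero or negative and `text[-keep_last:]` is the whole string; with `keep_last=0`, `text[-0:]` is also the whole string, so the result is the stars followed by the full secret. Add a guard before the final return: `if keep_last <= 0 or len(text) <= keep_last:` followed by `return "*" * len(text)`. Values that are not `str` (for example `bytes`) are returned unchanged, which fails open for a masking helper; a docstring should state that, and that the masked output keeps the input's length.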